描述

BigAmbitions Membership & Login Bridge for GlueUp is an independent integration tool designed for organizations using the GlueUp platform (formerly EventBank). It provides a secure, branded gateway that bridges your WordPress site with your GlueUp database, allowing members to log in using their GlueUp credentials.

This plugin is not affiliated with, endorsed by, or officially connected to GlueUp. It simply integrates with the publicly available GlueUp API.

Unlike standard login plugins, this bridge doesn’t just check passwords—it validates the user’s real-time membership status. It ensures that only members in good standing (Active, Soon-to-Expire, or in a Grace Period) can access your protected content.

Key Features:
* Real-time API Authentication: Authenticate members securely against the GlueUp API.
* Intelligent Membership Check: Automatically verify if a member is Active, Soon-to-Expire, or in a Grace Period before allowing access.
* Organization-First White-Labeling: Customize the login experience with your own company name.
* Seamless Profile Sync: Automatically synchronize user names and company details from GlueUp to WordPress.
* Security First: Built with CSRF protection, data sanitization, and compatibility with brute-force protection plugins.
* Developer Friendly: Simple shortcode integration [glueup_login_form] and a clean administration dashboard.

External services

This plugin connects to the GlueUp API to authenticate members and verify their membership status.

Authentication (Login)

When a user submits the login form, the plugin sends their email address and an MD5-hashed password to the GlueUp session endpoint to obtain an authentication token.
Endpoint: https://api.glueup.com/v2/user/session

Membership Verification

After authentication, the plugin sends the session token to the GlueUp membership endpoint to check whether the user has an active membership.
Endpoint: https://api.glueup.com/v2/membership/activeApplicationList

Data transmitted

User email address (on login)
MD5-hashed user password (on login)
Session token (on membership verification)
API public and private keys (as HMAC authentication headers)

This data is only sent when a user actively submits the login form. No data is sent passively or on page load.

Service provider

These services are provided by GlueUp (https://www.glueup.com).
* Terms of Use: https://www.glueup.com/terms
* Privacy Policy: https://www.glueup.com/privacy

安装

Upload the plugin files to the /wp-content/plugins/bigambitions-glueup-bridge directory.
Activate the plugin through the ‘Plugins’ screen in WordPress.
Configure your API Keys and Organization name under ‘BA Membership Bridge’ in the WordPress admin menu.
Add the shortcode [glueup_login_form] to any page.

常见问题

Is this an official GlueUp plugin?: No. This is an independent integration bridge developed by Big Ambitions. It is not affiliated with, endorsed by, or officially connected to GlueUp. It works with the publicly available GlueUp API.
Can I use this for free members?: Yes, as long as they have a record in your GlueUp database with an allowed status.

评价

此插件暂无评价。

贡献者及开发者

「BigAmbitions Membership & Login Bridge for GlueUp」是开源软件。以下人员对此插件做出了贡献。

divemasterza

帮助将「BigAmbitions Membership & Login Bridge for GlueUp」翻译成简体中文。

对开发感兴趣吗?

您可以浏览代码，查看SVN仓库，或通过RSS订阅开发日志。

更新日志

1.1.1

Bug Fix: Resolved login redirect loop on sites where other plugins (e.g. Elementor) output content before the login shortcode executes. Moved wp_signon() to the init hook so the auth cookie is set before any HTML is sent.
Added optional debug logging toggle in plugin settings to aid troubleshooting.

1.1.0

Security Hardening: Replaced manual login flow with WordPress core authenticate filter.
Account Protection: Blocked bridge login for privileged accounts (Admin/Editor) to prevent takeover.
Menu Hierarchy: Moved settings page under the standard ‘Settings’ menu.
Redirect Fix: Site lockdown redirect is now opt-in via a settings toggle (off by default).
Updated Author and Plugin URIs.

1.0.0

Initial public release.
Enforced trademark-compliant naming for WordPress.org directory.
Implemented secure script enqueuing via wp_add_inline_script().
Added strict membership status sanitization.
Full disclosure of external GlueUp API services.